Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-19 12:53:49
On Thu, 19 Sep 2013, keld wrote:
So first things first, let's start with a proper threat analysis.

I don't know how to write such an analysis, and it seems like red tape to me.
I am just advocating that we migrate SMTP to TLS, and then I want a plan
that could evolve into a successful migration, without hurting

What Rolf was saying is that in this thread we were trying to come up with a solution, without first having defined the problem we were trying to solve. That is, without having defined a threat model we wanted to defend against.

One such threat model could be a third party reading the content of a conversation. A defense against such a threat could be the encryption of the message content, for instance by using PGP.

Another threat model could be anyone being able to determine the location of the sender. A defense against such a threat could be to use an anonymity network like Tor to log into a webmail service and use that to send email.

So you should first identify a threat model and then we can discuss defenses against them. If your threat model is government surveillance, then I don't think TLS is a solution.

As many others have tirelessly tried to explain in this thread: if you don't want to risk your message being intercepted by third parties, some kind of always-use-TLS-pretty-please flag won't offer adequate protection. If you can live with this risk, you're unlikely to want to risk losing the email.


